I’m looking to start a career in GRC. Been searching a bunch of different things (e.g. cybersecurity internal audit, GRC analyst, cyber audit, risk analyst, etc.) but everything that’s coming up is mid-senior positions, manager positions, etc.

  • Nomecks · 2 months ago

    Do you have any certs? ISC2 is a good starting point, but getting specific certs around NIST or ISA will help you get in the door. Reading and understanding the regulations around the industries you’re targeting would help too.

    • hellofriend@lemmy.world (OP) · 2 months ago


      No certs as of current. Trying to figure out if there’s even an entry-level pathway available before I dump more money into education. NIST and ISA: are these international certs or America specific? The latter won’t help me much unless I get a remote job. As for regulations, that should be easy enough. I’m already good at research, so.

      • Nomecks · 2 months ago


        They’re America-specific, but every region will have similar frameworks. ISO 27001 is worldwide, I believe.

        • hellofriend@lemmy.world (OP) · 2 months ago


          I’ve actually just done a bit of digging on it and it seems that CISSP is used in Canada, so I might pull the trigger on that. I’m also considering Unixguy’s GRC Mastery course. Happen to know anything about it? I don’t think it counts as a certification proper, but it might be good to show employers what I’m interested in and that I’ve already put in some work.

          • Nomecks · 2 months ago


            You need five years of experience in cybersecurity, or sponsorship from another CISSP to get certified. NIST and ISO are followed by lots of companies, and ISA-62443 is a big one for OT cyber.

            • hellofriend@lemmy.world (OP) · 2 months ago


              Guess I shoulda done more digging lol. Thanks for the help. Btw, do you know much about PECB’s courses? They have some ISO stuff that’s GRC specific, might look into it.